JP2008250387A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve safety regardless of whether a processor has virtualization support function or not. <P>SOLUTION: The information processor comprises a processor; a guarded memory which stores a hypervisor accessible to an HV protection area; a first communication path which connects the guarded memory with the processor; a fetch detection part which detects fetch to the address of the first instruction of a plurality of instructions contained in an entry part to be executed when activating the hypervisor through the first communication path; an instruction detection part which detects execution of the final instruction in the entry part through the first communication path; a time determination part which determines whether the execution of the final instruction is detected after the lapse of a predetermined time or not; an execution determination part which determines whether interruption of the processor is prohibited or not from the execution result of the final instruction when it is determined that the predetermined time does not pass; and first and second HV area protection circuits which permit the processor to access the HV protective area when the prohibition is determined. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information processing apparatus equipped with a plurality of software.

  Conventionally, in a server machine that executes a database system or mission-critical processing, reliability and security have been regarded as important due to factors such as the importance of the processing and the sensitivity of data held inside. However, in recent years, it has become important to ensure reliability and security in various devices such as embedded devices as well as these general-purpose computers.

  In embedded devices, functions are becoming more complex, such as executing multiple functions at the same time within a single device, or downloading new functions and adding functions. In the development or operation of such a device capable of executing a plurality of functions, a new problem has occurred as compared with a single-function device.

  For example, when a malfunction is included in a certain function, there is a case where a failure occurs in which the entire device stops even if it is a very small part of the function. In addition, when a function downloaded and added to a device is a malicious and malicious program, there is a case where information or a program that should be kept secret or the program leaks to the outside, or is destroyed or falsified. Thus, reliability and security are also a problem in embedded devices and the like.

  In order to solve the above problems, it is necessary to control access to resources allocated to programs that implement each function. For example, a method of prohibiting access from other programs or functions to a resource allocated to a program, or managing by exclusive control of access to a resource shared by a plurality of functions or programs can be cited. Furthermore, it is necessary to protect the access control mechanism and the control information itself so that they cannot be freely operated.

  Computer virtualization technology has been proposed as a means of realizing these protections and isolating multiple functions to increase reliability and security. There are various forms of implementation of this virtualization technology. As an example of the virtualization technology, there is a form in which a virtualization layer is provided between hardware and an OS (Operating System), and a plurality of OSs (guest OSs) are operated on the virtualization layer. This virtualization layer is generally called a hypervisor layer. This hypervisor layer manages resources such as memory, devices, and interrupts, and provides a virtual machine composed of resources allocated to each guest OS. As a result, execution in a state where a plurality of guest OSs are isolated without interfering with each other can be realized. When the functions of the hypervisor layer are realized by software, the software is called a hypervisor.

  In a processor used for a general-purpose computer, a hardware mechanism that supports virtualization is prepared in the processor itself. As an example, there is a technology proposed by Intel (registered trademark) shown in Non-Patent Document 1. A processor in which this technology is implemented can prepare a number of privilege modes indicating the authority of the program being executed, and can be set to shift to a higher privilege mode when a specific instruction is executed. As a result, access to the shared resource from the guest OS can be monitored by hardware, and the access content can be checked by software to which a higher privilege mode is given at the time of access.

  As another example, there is a technology (Pacifica) proposed by Advanced Micro Devices. A processor equipped with the technology (Pacifica) has a mechanism for intercepting an interrupt and a function for generating a virtual interrupt from software. As a result, once the interrupt is intercepted by the hypervisor, the interrupt delivery to the guest OS that needs the interrupt can be managed. A mechanism for monitoring access to the address conversion table by the guest OS is also prepared. As a result, it is possible to prevent the guest OS from freely rewriting the address conversion table and accessing a memory area allocated to another guest OS.

"Intel (R) Virtualization Technology Specification for the IA-32 Intel (R) Architecture", [online], [searched May 31, 2005], Internet <URL: ftp://download.intel.com/technology /computing/vptech/C97063-002.pdf>

  However, unlike a high-performance processor used in a general-purpose computer, a general processor used for embedding does not have a mechanism for supporting virtualization. Usually, these processors have few privileged modes, so when a plurality of guest OSs are executed by the processor, each guest OS operates in the highest privileged mode. Therefore, there is a problem that an arbitrary guest OS can illegally refer to or change a memory area or a device assigned to another guest OS. Further, since the processor does not have a mechanism for protecting the interrupt vector table managed by the interrupt, there is a problem that there is no guarantee that the hypervisor can reliably intercept and deliver the interrupt.

  The present invention has been made in view of the above, and an object thereof is to provide an information processing apparatus that improves safety regardless of whether or not a processor has a virtualization support function.

  In order to solve the above-described problems and achieve the object, an information processing apparatus according to the present invention includes a processor, a first storage unit that stores privileged software that causes the processor to access a first access range, A second storage unit that stores software that causes the processor to access a second access range narrower than the first access range; and the first storage unit and the processor are connected, and the privileged software is transmitted to the processor. And a plurality of instructions executed when the processor activates the privileged software via the communication path and a communication path for performing communication of data necessary for execution by the processor. Fetch detecting means for detecting a fetch to a storage address where the first instruction is stored, and the processor Detecting means for detecting that a specific instruction of the plurality of instructions has been executed by the processor via the communication path; and storing by the fetch detecting means when the processor is executing the software. Time determination means for determining whether or not a predetermined time has elapsed from detection of a fetch to an address until the detection means detects that the specific instruction has been executed; and the predetermined time A determination means for determining whether or not an interrupt to the processor is prohibited based on a result of the processor executing the specific instruction, and the execution determination means includes the processor Control means for releasing access in the first access range to the processor when it is determined that interrupting to the processor is prohibited. And wherein the Rukoto.

  The information processing apparatus according to the present invention includes a processor, a first storage unit that stores privileged software that causes the processor to access the first access range, and a second access that is narrower than the first access range. A second storage unit that stores software that allows the processor to access the range, and the first storage unit and the processor are connected to communicate data necessary for executing the privileged software on the processor. A communication path, and a first instruction storing a first instruction among a plurality of instructions that are included in the privileged software and executed when the processor starts the privileged software via the communication path First fetch detection means for detecting a fetch to a storage address; and the processor sends the first description via the communication path. Second fetch detection means for detecting a fetch to a second storage address storing a specific instruction among the plurality of instructions included in the privileged software stored in a section, and the processor executing the software A predetermined time elapses from when the first fetch detection means detects a fetch to the first storage address until the second fetch detection means detects a fetch to the second storage address. Time determining means for determining whether or not the predetermined time has elapsed, and control means for releasing access of the first access range to the processor when it is determined that the predetermined time has not elapsed. It is characterized by.

  The information processing apparatus according to the present invention includes a processor, a first storage unit that stores privileged software that causes the processor to access the first access range, and a second access that is narrower than the first access range. A second storage unit that stores software that allows the processor to access the range, and the first storage unit and the processor are connected to communicate data necessary for executing the privileged software on the processor. A fetch detection means for detecting fetches to a plurality of instructions that are executed when the processor starts up the privileged software that is included in the privileged software via the communication path; When the processor is executing the software, from the detected fetch destination address, the plurality of Fetch determination means for determining whether or not the fetch to the storage address storing each instruction constituting the instruction is performed in the order of instructions, and when determining that the fetch of the plurality of instructions is performed in the order of instructions, Detection means for detecting that a specific instruction of the plurality of instructions has been executed by the processor, and determination for determining whether or not an interrupt to the processor is prohibited from the detected execution result of the plurality of instructions And a control means for releasing the access in the first access range to the processor when it is determined that the interrupt is prohibited.

  The information processing apparatus according to the present invention includes a processor, a first storage unit that stores privileged software that causes the processor to access the first access range, and a second access that is narrower than the first access range. A second storage unit that stores software that allows the processor to access the range, and the first storage unit and the processor are connected to communicate data necessary for executing the privileged software on the processor. A fetch detection means for detecting fetches to a plurality of instructions that are executed when the processor starts up the privileged software that is included in the privileged software via the communication path; When the processor is executing the software, from the detected fetch destination address, the plurality of A fetch determination means for determining whether or not a fetch to a storage address storing each instruction constituting the instruction is performed; and when determining that the plurality of instructions are fetched in order of instructions, And control means for releasing access in the first access range.

  According to the present invention, when privileged software whose entry code is composed of a plurality of instructions is executed, an illegal interruption by other software is prevented and safety is improved.

  Exemplary embodiments of an information processing apparatus according to the present invention will be explained below in detail with reference to the accompanying drawings. In the embodiments described later, an example in which the information processing apparatus is applied to a system LSI will be described. The information processing apparatus is not limited to the system LSI and may be applied to any apparatus.

(First embodiment)
As shown in FIG. 1, the system LSI 100 connects a memory 150 and a device 160. The system LSI 100 includes a processor 101, an operation mode management circuit 102, a memory access control unit 103, a first HV (Hyper Viser) area protection circuit 104, a device access control unit 105, and a second HV area protection circuit 106. , And a protective memory 107.

  The memory 150 includes a first memory area 154, a second memory area 155, a third memory area 156, a second guest OS storage area 152, and a third guest OS storage area 153. The first memory area 154 holds the first guest OS storage area 151.

  The first guest OS storage area 151 contains the binary code of the first guest OS, the second guest OS storage area 152 contains the binary code of the second guest OS, and the third guest OS storage area 153. Stores the binary code of the third guest OS. The first memory area 154, the second memory area 155, and the third memory area 156 are storage areas that are restricted in reading and writing by the memory access control unit 103. Further, an area for storing the guest OS may be secured in a storage area where reading and writing are restricted, like the first guest OS storage area 151.

  The device 160 is a device connected to the system LSI 100 and controlled by the processor 101 included in the system LSI 100. Access to the device 160 is restricted by the device access control unit 105 described later. The device 160 may be provided inside the system LSI 100 or may be provided outside the system LSI 100. Note that there is no particular limitation on the number of devices connected to the system LSI 100.

  Examples of the device 160 include a large capacity external storage device such as a memory module and a hard disk drive, an external communication device such as a network interface, an input device used by a user such as a keyboard and a mouse, and an external output such as a display. Devices are conceivable, but not limited to these.

  The first to sixth communication paths are arranged inside the system LSI 100 according to the present embodiment. These communication paths are media for transmitting data between the processor 101 and the memory / device. At least the access destination address and the data to be read and written are transmitted via the communication path. Further, the communication path may have any form, and in this embodiment, a bus is used. As an example of this bus, an address bus corresponding to the bit width of the address, a data bus corresponding to the data bit width, and a signal line indicating read / write can be considered. Further, as another embodiment, it is configured with a small number of signal lines such as a serial bus without distinction of addresses, data, etc., and an access request from a processor and a response from a memory using a predetermined protocol on the signal line. May be transmitted.

  In the system LSI 100 according to the present embodiment, when privileged software is operating on the processor 101, settings are made so as to operate in the highest operating mode managed by the system LSI 100. Only in the highest operating mode, predetermined access to the HV protection area is released.

  Further, privileged software refers to software that can be truly trusted among software that operates on the system LSI 100. The mechanism for assuring the reliability of privileged software may be realized by any method. In this embodiment, the reliability is ensured by storing the data in the protection memory 107 that is restricted in reading and writing. In the present embodiment, a hypervisor is used as privilege software. In the hypervisor, all the access destinations included in the HV protection area described later are in a range to be accessed. The hypervisor binary code is referred to as “HV code”. In addition, the uppermost operation mode is referred to as “HV mode”.

  The HV code storage area 112 stores HV codes. Further, the HV code stored in the HV code storage area 112 must not be modified by software such as a guest OS. Details of the HV code storage area 112 will be described later.

  As shown in FIG. 2, the HV code holds the instruction 1 “move SR to R0” 201 and the instruction 2 “store R0 to CheckAdr” 202 as entry codes in the entry part, and “return” 203 as the exit code. To do. In this entry part, the processor 101 executes a process for confirming whether or not the interrupt is prohibited so that an interrupt is not performed by another program when the HV code is executed. The entry unit is a plurality of instructions stored in the HV code that are executed when the processor 101 activates the hypervisor. If it is confirmed that the interrupt is prohibited, it is ensured that the processor 101 is safe when the HV code is executed.

  As shown in FIG. 2, the entry portion of the HV code is composed of a move instruction and a store instruction. Each of these instructions corresponds to one machine language instruction provided by the processor 101. 'SR' included in the instruction 1 indicates a register (status register) in which a value indicating the state of the processor 101 is stored. The value of 'SR' includes information indicating whether or not the processor 101 is currently in an interrupt disabled state. “RO” is a general-purpose register.

  Also, in this embodiment, the plurality of entry units instructed in this way because the processor 101 (to be described later) according to this embodiment does not have an instruction to write the contents of the SR to the memory in the instruction set. This is because the contents can be transferred only to the general-purpose register (R0).

  Therefore, in the instruction 1, the entry unit according to the present embodiment transfers the contents of the register 'SR' in which the value indicating the state of the processor 101 is stored to the general-purpose register 'R0'. Further, in instruction 2, the contents of the general-purpose register 'R0' are written into CheckAdr. With these two instructions, it can be checked that the processor 101 is disabled for interrupts.

  'CheckAdr' included in this instruction is an address for writing the value of 'SR'. It is preferable to select an address that does not actually exist as “CheckAdr”, which is different from the address of the memory or device controlled by the processor 101. In this case, the processor 101, which will be described later, transmits an access request to the nonexistent address “CheckAdr” to the communication path, but the memory or device connected via the communication path responds to the transmitted access request. And there is no actual reading and writing.

  Further, even when an address that actually exists in 'CheckAdr' is selected, it is necessary to select an address that is not used by all programs including the hypervisor and the guest OS. If a device exists at the address indicated by 'CheckAdr', data write processing is performed according to the instruction. As a result, the device may malfunction. Therefore, care must be taken not to select an address that is actually used.

  Further, although different from the present embodiment, the entry portion of the HV code may be composed of two or more instructions. As shown in FIG. 3, the case where the entry part of HV code | symbol is comprised by n piece etc. is also considered. In the example shown in FIG. 3, when writing the value of the general-purpose register into the memory, it is necessary to specify an address using another base register. In this example, the instruction 1 transfers the contents of the status register SR to the general-purpose register R0, the instruction 2 and later set the value of R1 to CheckAdr, and the last instruction n uses R1 as the base register. The contents of the register R0 are written to CheckAdr. Then, after these instructions, it is checked that the processor is in an interrupt disabled state. Even in the case of such n pieces, there is a possibility that another code will be interrupted.

  That is, it is a problem how to maintain security when the entry part of the HV code is composed of a plurality of instructions.

  Next, in the existing embedded device, since it was designed to be in the highest operating mode when the hypervisor is operating, unauthorized user code is executed in the highest operating mode in addition to the hypervisor. An example will be described.

  As shown in FIG. 4, the unauthorized user code on the left side is software code for performing unauthorized processing, and the binary code on the right side is a hypervisor binary code (hereinafter referred to as HV code). First, in software that performs illegal processing, “enable interrupt” is set to enable interrupts. Thereafter, the unauthorized user code jumps to the instruction 1 in the entry part. An interrupt is generated after execution of the instruction 1, and a false SR value is read into 'R0' by an interrupt handler of an illegal user code. Thereafter, the process returns to the instruction 2 in the entry part. At the same time, the operation mode is changed to the highest operation mode.

  Also, the range of instructions that are simultaneously read by one instruction fetch (hereinafter referred to as an instruction fetch unit) varies depending on the processor. This instruction fetch unit is defined by the number of instructions that are simultaneously read by one instruction fetch and the head address boundary of the instruction fetch unit. For example, in an embedded PowerPC (registered trademark) 405 processor, the instruction length is 32 bits. However, when fetching an instruction from a memory connected to an on-chip bus, a 64-bit boundary ( = 2 instructions arranged at the boundary of 2 instructions) are read out simultaneously.

  In the example of the built-in PowerPC (registered trademark) 405 processor, when executing sequentially from the first instruction (that is, an instruction arranged on a 64-bit boundary) among the instructions included in the instruction fetch unit, it is designated by an instruction fetch request. The address to be used is the head address of the instruction fetch unit, and two instructions included in the instruction fetch unit are read simultaneously. When the first instruction is executed, the second instruction is stored in the buffer, and when the second instruction is executed, an instruction fetch for the instruction does not occur.

  In this embodiment, the instruction fetch unit is an example for each instruction. However, by replacing “instruction” in the following description with “instruction fetch unit”, the present invention can be applied to a case where the instruction fetch unit is a plurality of instructions.

  The processor 101 executes another instruction of the hypervisor after the instruction of the entry part of the hypervisor is completed. When executing the hypervisor, since an interrupt is not actually prohibited, an unauthorized user code can interrupt the hypervisor.

  In the example shown in FIG. 4, the instructions in the entry part are executed in the order of instructions. That is, even if the fetch detection unit 121 confirms that the instructions from the beginning to the end of the entry part of the hypervisor are fetched in the order of instructions, the system LSI 100 shown in the present embodiment passes through the first communication path. The instruction fetch cannot be confirmed. For this reason, for example, even if an instruction fetch of another user code is performed via the sixth communication path, the operation mode management circuit 102 cannot detect an instruction fetch of the other user code. Therefore, in this embodiment, it is determined whether or not an interrupt has been made by measuring the time required for processing of the entry unit.

  If the interrupt vector table and the interrupt processing routine can be completely protected as in a processor used in a general-purpose computer, even if a jump to such an interrupt processing routine is performed, the program returns to the HV code again. There is no problem if it is described. However, in a processor used for an embedded device, the interrupt vector table and the interrupt processing routine cannot be completely under the protection of the hypervisor. For this reason, there is a possibility that an illegal user code is executed in the highest operation mode when an interrupt occurs.

  Therefore, in the present embodiment, the operation mode management circuit 102, the first HV area protection circuit 104, and the second HV area protection circuit 106, which will be described later, are prohibited from operating in the highest-level operation mode based on an unauthorized user code. To control.

  Returning to FIG. 1, the processor 101 performs processing or calculation according to an OS such as a first guest OS and software such as a hypervisor. In addition, the processor 101 according to the present embodiment is a processor that does not include a function that supports virtualization. However, in practice, it may be a processor that includes a function that supports virtualization. Needless to say.

  The processor 101 sequentially reads instructions from the memory (the memory 150 and the protection memory 107), and executes the read instructions. Further, the processor 101 reads / writes data from / to a memory or device connected to each communication path in accordance with the read command.

  By the way, in a general processor, the transition to the higher privilege mode is performed by executing a specific instruction represented by a system call instruction. After execution of this system call instruction, with the transition to the privileged mode, an exception occurs and jumps to the kernel code of the OS to ensure safety by setting an interrupt disabled state. The processor according to the present embodiment has a small number of operation modes, and has only two operation modes: a user mode assigned to an application and a privilege mode assigned to an OS. In this case, there is no operation mode assigned to the operation of the hypervisor, and the operation of the OS and the hypervisor cannot be distinguished.

  Therefore, in the present embodiment, an HV mode, which is an operation mode having an access authority higher than the operation mode of the processor 101 itself, is introduced. For this reason, the hardware mode arranged outside the processor 101 is switched to the HV mode. In this case, a jump to the HV code or a transition to an interrupt disabled state according to an instruction of software operating on the processor 101 cannot be controlled from outside hardware because of the internal operation of the processor.

  Therefore, in the system LSI 100 according to the present embodiment, the jump to the HV code and the transition to the interrupt disabled state are left to the software (for example, the first guest OS) operating on the processor 101, and the hardware external to the processor 101 is determined. The hardware checks whether the jump is properly made to the HV code and whether the interrupt is properly disabled. Next, the operation mode management circuit 102 that performs such a check will be described.

  The operation mode management circuit 102 includes a fetch detection unit 121, a fetch determination unit 122, a time measurement unit 123, an instruction detection unit 124, a time determination unit 125, an execution determination unit 126, and a mode switching unit 127. The data flowing in the first communication path connecting the processor 101 and the second HV area protection circuit 106 is monitored, and the operation mode is switched as necessary.

  The operation mode management circuit 102 is a state transition circuit that holds at least two states of the HV mode and the normal mode as operation modes. The operation mode management circuit 102 monitors the signal flowing through the first communication path, and causes a state transition between the HV mode and the normal mode when a predetermined condition is satisfied. Further, the operation mode management circuit 102 outputs a mode information signal to the first HV area protection circuit 104 and the second HV area protection circuit 106 according to the state of the HV mode / normal mode. Accordingly, the first HV area protection circuit 104 and the second HV area protection circuit 106 can perform access control according to the operation mode. Details regarding the operation of the operation mode management circuit 102 will be described later.

  In addition, the conditions that allow transition to the HV mode will be described. From the above, the processing necessary for the operation mode management circuit 102 to switch the operation mode to the HV mode is processing that appropriately transfers execution to the entry portion of the HV code (that is, guarantees that the instruction of the entry portion has been properly executed). And processing to disable interrupts (that is, it is necessary to guarantee that interrupts are disabled). The operation mode management circuit 102 can perform the process of setting the operation mode to the HV mode while guaranteeing the execution of these two processes. In other words, these three processes must be performed inseparably. Note that the processing is performed indivisiblely means that no other processing is performed between these processings. Of course, the HV code needs to be protected so that it cannot be modified by other software such as the guest OS.

  Further, when the entry portion of the HV code according to the present embodiment is appropriately executed, it can be confirmed whether or not the state of the processor 101 is interrupt-prohibited. For this reason, as described above, the point is whether or not the entry unit is appropriately executed without being interrupted by the unauthorized user code. Therefore, in the operation mode management circuit 102 according to the present embodiment, it is assumed that the entry portion having two or more instructions is indivisiblely executed by measuring the execution time of the entry portion.

  The operation mode management circuit 102 determines whether or not to set the operation mode to the HV mode based on whether or not the entry part having two or more instructions is inextricably executed. As a result, when the operation mode management circuit 102 switches to the HV mode, it is guaranteed that only the HV code is executed in a state where no interruption is possible.

  Then, the operation mode management circuit 102 according to the present embodiment guarantees that the entry portion of two or more instructions has been executed indefinitely by measuring the execution time of the entry portion in order to prevent the above-mentioned disguise of the interrupt. . The detailed processing procedure will be described later.

  By the way, the process of transferring execution to the HV code and the process of disabling interrupts are performed by software operating on the processor 101. Then, the operation mode management circuit 102 detects an execution request or execution result of these processes. As this detection check method, the operation mode management circuit 102 according to the present embodiment monitors the type, address, and data of an access request transmitted / received through the first communication path connecting the processor 101 and the protection memory 107. Next, each configuration of the operation mode management circuit 102 will be described.

  The fetch detection unit 121 detects an instruction fetch via a first communication path that connects the processor 101 and the second HV area protection circuit 106. The fetch detection unit 121 is an entry unit for the HV code stored in the HV code storage area 112 after completion of initialization at the time of starting the system LSI or when software such as the guest OS is executed on the processor 101. The instruction fetch is detected.

  The fetch determination unit 122 detects that the instruction fetch detected by the fetch detection unit 121 is the first instruction (for example, the instruction 1 shown in FIG. 2) in the entry part of the HV code stored in the HV code storage area 112 of the protection memory 107 described later. ) Address. A detailed determination method will be described later.

  In addition, the fetch determination unit 122 uses the instruction fetch detected by the fetch detection unit 121 as the address of the escape instruction (for example, included in the escape part of the HV code stored in the HV code storage area 112 of the protection memory 107 described later). It is determined whether or not the address is “return” 203 shown in FIG.

  When the fetch determination unit 122 determines that the fetch for the first instruction (for example, the instruction 1 shown in FIG. 2) in the entry part of the HV code has been performed, the time measurement unit 123 starts measuring time. The time measured by the time measuring unit 123 is a time obtained by counting some clock signal used in the system LSI 100. Since the purpose is to measure the instruction execution time in the processor 101, it is desirable that the clock signal used as the time measurement is a clock signal that serves as a reference for the progress of the operation of the processor 101.

  The instruction detection unit 124 detects the execution of the last instruction (for example, instruction 2 shown in FIG. 2) in the entry part of the HV code by the processor 101. The instruction detection unit 124 according to the present embodiment detects a data write request from the processor 101. The instruction detection unit 124 detects the instruction 2 when there are two entries in the entry section as shown in FIG. 2, but n when the entry section is composed of n instructions. The second instruction will be detected. Although different from the present embodiment, the instruction that is detected by the instruction detection unit 124 is not limited to the last instruction, as long as it is a specific instruction that can confirm that interrupts are prohibited. Be good.

  The time determination unit 125 determines whether or not a predetermined time has elapsed since the time measurement unit 123 started measuring time. This predetermined time is determined based on the time required to execute all instructions in the entry section. Thus, when the time determination unit 125 determines that the predetermined time has elapsed, if the instruction detection unit 124 cannot detect the instruction, it can be determined that an interrupt has been performed by other software.

  The execution determination unit 126 determines whether or not interrupts are prohibited from the execution result of the instruction detected by the instruction detection unit 124. The execution determining unit 126 according to the present embodiment determines whether or not the value specified in the write request for the address CheckAdr from the processor 101 is a value indicating interrupt inhibition. Thereby, it can be determined whether or not the processor 101 is in an interrupt disabled state.

  The mode switching unit 127 switches the operation mode according to the determination result of the execution determination unit 126. For example, if the mode switching unit 127 determines that the execution determining unit 126 is disabled for interrupts, the mode switching unit 127 regards the hypervisor as operating on the processor 101 in the interrupt disabled state, and sets the operation mode to the HV mode. Switch.

  Then, in the HV protection area described later, the first HV area protection circuit 104 and the second HV area protection circuit 106 described later have access addresses in the memory 150, the address on the protection memory 107, or the access range in the device 160 based on the operation mode. Process to change. The access range indicates an access destination range in which access to the processor 101 is released.

  Thus, access is released to all access destinations included in the HV protection area only when the HV code is executed in a state in which interruption is impossible. In the normal mode, the first guest OS or the like is opened to an access range narrower than all access destinations (ranges) included in the HV protection area.

  When the fetch determination unit 122 determines that the address is an escape instruction address, the mode switching unit 127 assumes that software such as the first guest OS operates on the processor 101 and switches the operation mode to the normal mode. Detailed switching conditions and the like will be described later.

  In the present embodiment, an area in the system LSI 100 where a range to be accessed according to software running on the processor 101 is changed is an HV (hypervisor) protection area. As shown in FIG. 1, the HV protection area includes a memory access control unit 103, a device access control unit 105, a protection memory 107, a first HV (hypervisor) area protection circuit 104, a second HV area protection circuit 106, Shall be included.

  The configuration (memory or circuit) stored in the HV protection area has predetermined restrictions on access (read / write) from the processor 101. As a result, the memory and device control information stored in the HV protection area, the guest OS management information, and the like can be accessed or written only by the HV code, and can be protected from unauthorized processing by the guest OS or the like.

  In the present embodiment, the above-described configuration is included in the HV protection region, but is not limited to such a configuration. As a modification, the HV protection area of the system LSI may include only the HV area protection circuit and the memory access control unit, or may include only the HV area protection circuit and the device access control unit, or the HV area protection circuit and the protection. Only the memory may be included, or a combination of two or more of these may be used. Detailed examples of other combinations will be described later.

  The protection memory 107 stores the HV code storage area 112. The protection memory 107 is write-protected in the normal mode.

  In the present embodiment, the HV code storage area 112 is provided in the protection memory 107 provided in the HV protection area. The HV code storage area 112 is prohibited from being written by the second HV area protection circuit 106 described later when the operation mode is other than the HV mode. Thereby, the modification to the HV code from the guest OS can be suppressed. In this embodiment, the HV code storage area 112 is provided inside the HV protection area. However, the HV code storage area 112 is not limited to the inside of the HV protection area, and may be provided anywhere as long as the modification from the guest OS can be suppressed. For example, it may be provided in the memory 150 (however, when provided in the memory 150, the operation mode management circuit 102 needs to be connected to the communication path 6).

  In this embodiment, protection is performed by a second HV area protection circuit 106 to be described later. In another embodiment, the HV code storage area 112 is set on a ROM (read only memory) that cannot be rewritten by the processor 101. It may be provided.

  Further, the second HV area protection circuit 106 not only prohibits writing to the HV code storage area 112 but also controls to prohibit all operations on the address of the HV code main body excluding the entry part of the HV code. Also good. When the second HV area protection circuit 106 performs the control in this way, it is possible to suppress reading of the HV code main body in the normal mode. Thereby, the processing content of the HV code can be concealed from the guest OS, and the safety can be further improved.

  Next, the hypervisor stored in the HV code storage area 112, the first guest OS stored in the first guest OS storage area 151, and the second guest OS stored in the second guest OS storage area 152 The guest OS and the third guest OS stored in the third guest OS storage area 153 will be described.

  As shown in FIG. 5, in the system LSI 100 according to the present embodiment, a hypervisor 504 is arranged on the hardware as the lowest layer of software. Further, the first guest OS 501, the second guest OS 502, and the third guest OS 503 are arranged on the hypervisor 504. In FIG. 5, for ease of explanation, the memory access of the first memory area 154, the second memory area 155, the third memory area 156, and the HV protection area 111 inside the memory 150 as a hardware configuration. Although the control information stored in the control unit 103 and the device access control unit 105 is shown, it is assumed that the same control is performed for other configurations.

  The hypervisor provides a guest OS switching function. In the system LSI 100, when switching the guest OS, the process is returned from any guest OS to the hypervisor, and then the current guest OS state is saved and the next guest OS state is restored.

  Further, when the processing is transferred from the guest OS to the hypervisor, the operation mode becomes the HV mode. At this time, the hypervisor can update the control information referred to when the memory access control unit 103 and the device access control unit 105 perform control. Therefore, the hypervisor updates the control information so that only the memory and device assigned to the next guest OS can be accessed. In this way, the hypervisor operating in the HV mode can access all hardware (access destination) included in the HV protection area.

  Then, the operation mode becomes the normal mode when the processing is transferred from the hypervisor to the next guest OS. In this normal mode, the control information cannot be updated. Accordingly, the memory access control unit 103 described later releases only the first memory area 154 to the first guest OS 501 in accordance with the updated control information, and the second memory area 155 and the third memory area 156 are opened. On the other hand, access can be prohibited. Thereby, in the system LSI 100 according to the present embodiment, an unauthorized guest OS can be prevented from accessing a memory or a device assigned to another guest OS. In the software configuration of the system LSI 100 according to the present embodiment, a plurality of guest OSs are operated separately from each other as described above.

  Returning to FIG. 1, the second HV area protection circuit 106 is disposed between the protection memory 107 and the processor 101, and performs a process for protecting the protection memory 107. In the present embodiment, the processor 101 and the second HV area protection circuit 106 are connected by a first communication path, and the second HV area protection circuit 106 and the protection memory 107 are connected by a third communication path. The second HV area protection circuit 106 receives a mode information signal indicating the operation mode from the operation mode management circuit 102.

  The second HV area protection circuit 106 includes a second control unit 132 and accepts an access request from the processor 101 via the first communication path. Then, when the mode information signal input from the operation mode management circuit 102 is a value indicating the HV mode, the second HV area protection circuit 106 outputs the received access request to the protection memory 107 via the third communication path. .

  Then, the second control unit 132 performs control to permit an access request to the protection memory 107 when an input indicating that the operation mode is the HV mode is input. In addition, when an input indicating that the operation mode is the normal mode is input, control for prohibiting the access request to the protection memory 107 is performed.

  Thus, the second HV area protection circuit 106 is inhibited from outputting the accepted access request to the protection memory 107 when the input mode information signal is a value indicating a mode other than the HV mode. Examples of restrictions on access to the protection memory 107 include an example of prohibiting access to a part of the address of the protection memory 107 and an example of prohibiting only writing. Moreover, you may combine these restrictions. Such a restriction is effective when only a part of the protection memory 107 is restricted to access in the normal mode or when a part of the operation is prohibited (for example, only writing is prohibited).

  Further, the second HV area protection circuit 106 always allows only the address corresponding to the entry part of the HV code in the HV code storage area 112 to be concealed when the HV code is concealed. The address corresponding to the main body of the HV code is made readable only in the HV mode. A procedure for changing the operation mode to the HV mode when the HV code is executed will be described later. By performing such processing, safety can be further improved.

  In the present embodiment, the example in which the protection memory 107 and the second HV area protection circuit 106 have different configurations has been described. However, these functions may be arranged in the system LSI 100 as one configuration.

  The first HV area protection circuit 104 includes a first control unit 131 and accepts an access request from the processor 101 via the first communication path. Then, the first HV area protection circuit 104 connects the memory access control unit 103 and the device access control unit 105 via the second communication path. The first HV area protection circuit 104 receives a mode information signal from the operation mode management circuit 102.

  Then, the memory access control unit 103 and the memory 150 are connected via a fourth communication path, and the device 160 and the device access control unit 105 are connected via a fifth communication path.

  The memory access control unit 103 controls access to the memory 150. Further, the system LSI 100 according to the present embodiment includes a sixth communication path as a communication path connecting the processor 101 and the memory access control unit 103, and communication for accessing the control information of the memory access control unit 103 from the processor 101. A first communication path and a second communication path were prepared as paths. Thereby, the access request to the memory 150 is output via the sixth communication path. The device access control unit 105 is also provided with a similar communication path.

  In addition, the memory access control unit 103 receives access (at least for writing or both writing / reading) to a predetermined address of the control information from the processor 101 via the first communication path and the first HV area protection circuit 104. In the memory access control unit 103 according to the present embodiment, it is this control information that is to be protected.

  The memory access control unit 103 transmits the access request to the memory 150 transmitted from the processor 101 via the sixth communication path to the memory 150 via the fourth communication path. At this time, the memory access control unit 103 limits the access request transmitted to the memory 150 in accordance with preset control information.

  The control information set in the memory access control unit 103 can be realized in various forms. For example, a plurality of sets of <start address, end address> are set. If the address of the access request to the memory is within the range of addresses represented by those groups, the access request is transmitted to the fourth communication path. It is possible to edit such a set of addresses only in the HV mode.

  When the mode information signal indicating the HV mode is input to the first HV area protection circuit 104, the memory access control unit 103 accepts access to an address assigned for writing / reading control information. The memory access control unit 103 does not accept an access to an address assigned for writing / reading control information when a mode information signal indicating a mode other than the HV mode is input to the first HV area protection circuit 104. .

  Further, in the present embodiment, as a path for connecting the processor 101 and the memory access control unit 103, the sixth communication path, and the processor 101 passes through the first communication path, the first HV area protection circuit 104, and the second communication path. It has two routes, a communication channel. However, the present embodiment is not limited to the one having such a plurality of paths. For example, communication from the processor 101 via the first communication path, the first HV area protection circuit 104, and the second communication path. Only the road may be used.

  The memory access control unit 103 thus writes / reads control information only in the HV mode, so that when the guest OS is switched in operation, the hypervisor switches the control information of the memory access control unit 103 accordingly. By performing settings suitable for the previous guest OS, only the data of the guest OS that operates next can be accessed.

  Then, the first control unit 131 performs control to release access to the control information included in the memory access control unit 103 and the device access control unit 105 when an input indicating that the operation mode is the HV mode is input. Further, when an input indicating that the operation mode is the normal mode is input, control for prohibiting access to the control information of the memory access control unit 103 and the device access control unit 105 is performed.

  Since the communication path has such a configuration, the first HV area protection circuit 104 does not perform any processing for access requests other than writing / reading control information of the memory access control unit 103 and the device access control unit 105. Good.

  The first HV area protection circuit 104 receives the mode information input from the operation mode management circuit 102 when receiving an access request from the processor 101 to the address assigned to write / read the control information of the memory access control unit 103. When the signal is a value representing the HV mode, the access request is output to the memory access control unit 103 via the second communication path. Further, the first HV area protection circuit 104 inhibits the access request from being output to the memory access control unit 103 when the mode information signal input from the operation mode management circuit 102 is a value indicating a mode other than the HV mode.

  In this embodiment, the access request for the control information of the memory access control unit 103 is transmitted / received via the first communication path and the second communication path, and the access request for the memory access control unit 103 other than the control information is transmitted. Is to transmit and receive data via the sixth communication path. However, although different from the present embodiment, these separate communication paths may be configured as one communication path via the first HV area protection circuit 104. In this case, an access request for the memory 150 is also made via the first HV area protection circuit 104. In addition, the first HV area protection circuit 104 performs the above-described control for writing / reading the control information of the memory access control unit 103, but all other access requests (for example, access requests for the memory 150) are stored in the memory. Output to the access control unit 103.

  The device access control unit 105 controls access to the device 160. Further, the device access control unit 105 receives an access request for control information included in the device access control unit 105 via the first HV area protection circuit 104 in the same manner as the memory access control unit 103 described above. Note that the processing performed by the device access control unit 105 is the same as that of the memory access control unit 103, and thus description thereof is omitted.

  The control information set in the device access control unit 105 can be realized in various forms. For example, a plurality of sets of <start address, end address> are set. If the address of the access request to the device is within the range of addresses represented by the set, the access request is transmitted to the fifth communication path. It is possible to edit such a set of addresses only in the HV mode.

  As another form of control information, when a plurality of devices are connected, a set of <start address, end address> corresponding to each device is set in advance, and access to the address is further performed. Whether or not to open may be set as a 1-bit bit mask. In this mode, if the address of the access request to the device is within the range of the address assigned to the device corresponding to the bit mask “1”, the access request is output.

  In the present embodiment, for example, when the guest OS is switched, the hypervisor rewrites the control information of the device access control unit 105 so that access can be released only to the device assigned to the operating guest OS. It becomes.

  Next, processing of the operation mode management circuit 102 will be described. The operation performed by the operation mode management circuit 102 is roughly divided into the following two operations.

  First, as a first operation, the operation mode management circuit 102 checks the HV mode entry when the operation mode is the normal mode, and transitions the operation mode to the HV mode when a predetermined condition is satisfied. As a second operation, when the operation mode is the HV mode, the operation mode management circuit 102 checks for escape from the HV mode, and transitions the operation mode to the normal mode when a predetermined condition is satisfied.

  As shown in FIG. 6, first, the operation mode management circuit 102 performs initialization when the entire system LSI 100 is activated (step S611). Here, the operation mode is set to the normal mode.

  Thereafter, the fetch detection unit 121 or the like of the operation mode management circuit 102 monitors the first communication path and confirms that the entry part of the HV code has been appropriately performed (step S612). Further, the process of step S612 is repeatedly performed until it is determined that the entry unit is appropriately performed every predetermined time. The detailed processing procedure will be described later.

  Next, the mode switching unit 127 performs processing for switching the operation mode to the HV mode (step S613). Then, the operation mode management circuit 102 outputs a mode information signal indicating that the operation mode is the HV mode to the first HV region protection circuit 104 and the second HV region protection circuit 106 (step S614). In this flowchart, for ease of explanation, the mode information signal is output at this timing, but actually, the operation mode management circuit 102 always outputs the mode information signal at predetermined intervals. Note that the operation mode management circuit 102 may always output the mode information signal to the signal line. In any case, the operation mode management circuit 102 can transmit the mode change timing to the first HV region protection circuit 104 and the second HV region protection circuit 106. The above is the first operation.

  Then, the first HV area protection circuit 104 receives an input of the mode information signal from the operation mode management circuit 102 and recognizes that the operation mode has been changed to the HV mode (step S601). Thereby, the first control unit 131 performs control to release access to the control information included in the memory access control unit 103 and the device access control unit 105 (step S602).

  Similarly, when receiving the input of the mode information signal from the operation mode management circuit 102, the second HV area protection circuit 106 recognizes that the operation mode has been changed to the HV mode (step S621). Thereby, the second control unit 132 performs control to release access to the protection memory 107 (step S622).

  Thereafter, the fetch detection unit 121 of the operation mode management circuit 102 monitors the first communication path and confirms that the HV code escape unit has been appropriately performed (step S615). Note that the process of step S615 is repeatedly performed until it is determined that the escape unit has been appropriately performed every predetermined time. The detailed processing procedure will be described later.

  Next, the mode switching unit 127 performs a process of switching the operation mode to the normal mode (step S616). That is, on the processor 101, the normal mode is switched for other software in the process of step S616, and other software such as the guest OS is executed.

  Therefore, the operation mode management circuit 102 outputs a mode information signal indicating that the operation mode is the normal mode to the first HV region protection circuit 104 and the second HV region protection circuit 106 (step S617). The above is the second operation. Thereafter, when other software is being executed, the fetch detection unit 121 or the like of the operation mode management circuit 102 again monitors the first communication path to determine whether or not the HV code entry unit has been appropriately performed. It will be confirmed (step S612).

  Further, when receiving the input of the mode information signal from the operation mode management circuit 102, the first HV area protection circuit 104 recognizes that the operation mode has been changed to the normal mode (step S603). Thereby, the first control unit 131 immediately performs control to prohibit access to the control information included in the memory access control unit 103 and the device access control unit 105 (step S604).

  Similarly, when receiving the input of the mode information signal from the operation mode management circuit 102, the second HV area protection circuit 106 recognizes that the operation mode has been changed to the normal mode (step S623). As a result, the second control unit 132 immediately controls to prohibit access to the protection memory 107 (step S624).

  In the present embodiment, by performing the above-described processing, it is possible to appropriately protect the configuration stored in the HV protection area according to the operation mode.

  Next, a procedure for confirming that the entry portion of the HV code shown in step S612 in FIG. 6 has been executed properly will be described. There are a plurality of methods for checking the entry portion of the HV code depending on the combination of the contents of the entry portion of the HV code and the configuration of the system LSI. In the present embodiment, one of a plurality of forms will be described. In addition, about another form, it demonstrates in embodiment mentioned later.

  As a method for confirming that the entry portion of the HV code according to the present embodiment has been properly executed, a method for determining whether or not the entry portion has been executed within a predetermined time is used. In addition, when the entry portion of the HV code is executed, it is confirmed that the processor 101 is prohibited from interrupting. Therefore, in this embodiment, when the entry part is executed within a predetermined time and it is confirmed that the interruption is prohibited by the execution of the entry part, the mode is switched to the HV mode.

  When the entry portion of the HV code is executed, signals are transmitted from the processor 101 to the first communication path in the following order.

  First, an instruction fetch request is transmitted from the processor 101 to the address of the instruction 1 at the address “HVEntry” in the HV code storage area 112. Then, the instruction 1 is transmitted from the HV code storage area 112. Thereafter, an instruction fetch request is transmitted from the processor 101 to the address of the instruction 2. Then, the instruction 2 is transmitted from the HV code storage area 112. When there are n instructions in the entry part, this instruction fetch request and instruction transmission are repeated n times.

  The operation mode management circuit 102 according to the present embodiment measures the execution time from the detection of the instruction fetch request for the address of the instruction 1 to the execution of the instruction 2, and the execution time is converted into an illegal user code. Check if it is equal to (or smaller than) the time when executed continuously without interruption. Then, the operation mode management circuit 102 guarantees that the entry portion of the HV code is inseparably executed when the execution times are equal (or small). Further, by confirming the execution contents of the instruction 2, it is guaranteed that the interrupt is prohibited. Since these are guaranteed, the condition for the operation mode management circuit 102 to transition the operation mode to the HV mode is satisfied.

  As shown in FIG. 7, first, the fetch detection unit 121 monitors the first communication path to determine whether or not an instruction fetch request transmitted from the processor 101 has been detected (step S701). This process is repeated until it is detected.

  Next, when the fetch detection unit 121 detects an instruction fetch request (step S701: Yes), the fetch determination unit 122 determines whether the address specified in the instruction fetch request is the address of the instruction 1 in the entry unit. It is determined whether or not (step S702). If the fetch determination unit 122 determines that they are different (step S702: No), the fetch detection unit 121 detects the instruction fetch again (step S701).

  When the fetch detection unit 121 determines that the address matches the instruction 1 (step S702: Yes), the time measurement unit 123 starts measuring time (step S703).

  Next, the time determination unit 125 determines whether or not a predetermined time T has elapsed since the start of time measurement (step S704). The predetermined time T is a time set in advance as a time required from the detection of the fetch of the instruction 1 to the execution of the instruction 2.

  If the time determination unit 125 determines that the predetermined time T has elapsed (step S704: No), the time measurement unit 123 ends the time measurement (step S709), and the fetch detection unit 121 detects the instruction fetch again. (Step S701).

  If the time determination unit 125 determines that the predetermined time T has not elapsed (step S704: Yes), the instruction detection unit 124 monitors the first communication path and issues a data write request from the processor 101. It is determined whether or not it has been detected (step S705). If it is determined that no time has been detected (step S705: No), the time determination unit 125 starts processing from determining whether the predetermined time T has elapsed (step S704).

  The predetermined time T is desirably an execution time when the entry code is continuously executed from the top. This entry code execution time needs to be checked in advance, for example, by simulating the internal operation of the processor 101 or by actually executing the entry code on the processor and measuring the output signal of the processor 101. . However, when there is some fluctuation in the execution time of the entry code, the maximum value of the execution time is used as the predetermined time T.

  Next, when the instruction detection unit 124 detects a data write request (step S705: Yes), the time measurement unit 123 ends the time measurement (step S706). Then, the instruction detection unit 124 determines whether or not the address specified in the data write request matches “CheckAdr” (step S707). If the instruction detection unit 124 determines that they are different (step S707: No), the fetch detection unit 121 detects the instruction fetch again (step S701).

  If the instruction detection unit 124 determines that the address matches “CheckAdr” (step S707: Yes), the execution determination unit 126 matches the data specified in the write request with the value of “SR” indicating that the interrupt is prohibited. It is determined whether or not to perform (step S708). If the execution determining unit 126 determines that they are different (step S708: No), the fetch detecting unit 121 detects the instruction fetch again (step S701).

  Next, when the execution determination unit 126 determines that the write data and the value of 'SR' indicating interrupt inhibition match (step S707: Yes), the execution determination unit 126 was able to confirm that the HV code entry unit was appropriately executed. Shall. And the process after step S613 shown in FIG. 6 will be performed.

  When 'SR' indicates only interrupt prohibition / permission, the entire write data may be simply compared. However, in general, a register representing a processor state often represents different types of states such as an interrupt state, an address translation mode, and a privileged mode in units of bits. In such a case, only the bit corresponding to the interrupt state needs to be compared.

  Next, the detection procedure of HV mode escape shown by step S615 of FIG. 6 is demonstrated. By detecting the completion of processing by the hypervisor, the operation mode can be switched from the HV mode. In the example described later, as a first form of checking for HV mode exit, it is guaranteed that an instruction (hereinafter referred to as an HV mode exit instruction) that guarantees that processing to be operated in the HV mode has ended is executed. This is an example of switching the operation mode to the normal mode when the operation is performed.

  The instruction that guarantees that the process to be operated in the HV mode is completed depends on the HV code. Therefore, the instruction has various forms depending on the HV code. For example, in the HV code shown in FIG. 2, when the last instruction “return” of the HV code indicated by reference numeral 203 is called, the processing by the HV code ends. That is, when the processor 101 calls the last instruction 203 to switch the software to be executed to the guest OS, the subsequent processing does not need to be operated in the HV mode. Therefore, in the HV code shown in FIG. 2, the last instruction 203 is used as an HV mode exit instruction. In the present embodiment, the HV mode exit instruction is not limited to the last instruction of the HV code. That is, an instruction prior to the last instruction of the HV code may be used as long as it is guaranteed that the process to be operated in the HV mode is completed.

  When the HV mode exit instruction (last instruction 203) shown in FIG. 2 is executed, first, the processor 101 first stores the address (hereinafter referred to as “HVExit”) of the protected memory 107 in which the HV mode exit instruction is stored. The instruction fetch request is transmitted. Next, the data (instruction stored in “HVExit”) stored in the HV code storage area 112 is transmitted from the protection memory 107 to the processor 101.

  In this embodiment, when the operation mode management circuit 102 detects fetch for the address where the HV mode exit instruction is stored, the operation mode management circuit 102 determines that the processing to be operated in the HV mode has been guaranteed. The operation mode is switched to the normal mode.

  As shown in FIG. 8, first, the fetch detection unit 121 monitors the first communication path and detects an instruction fetch request transmitted from the processor 101 (step S801).

  Next, when the fetch detection unit 121 detects an instruction fetch request, the fetch determination unit 122 determines whether the address specified in the instruction fetch request matches the address of the escape instruction (reference numeral 203 in FIG. 2). It is determined whether or not (step S802). If the fetch determination unit 122 determines that they are different (step S802: No), the instruction fetch is detected again (step S801).

  Next, when the fetch detection unit 121 determines that the address specified in the instruction fetch request matches the address of the escape instruction (reference numeral 203 in FIG. 2) (step S802: Yes), the HV mode escape check is completed. Shall. And the process after step S616 shown in FIG. 6 will be performed.

  In the embodiment described above, the HV code storage area 911 of the system LSI 100 is provided in the protection memory 107 and the storage area of each guest OS is provided in the memory 150. However, an HV code storage area and a storage area for each guest OS may be provided in the same memory. In this case, access to the HV code storage area is restricted by a memory access control unit or the like.

  Note that a limiting method other than the present embodiment may be used as a method for limiting the HV protection area. For example, in an operation mode other than the HV mode, all operations (read / write) may be prohibited for all addresses of all memories and devices stored in the HV protection area. As another example, access or writing to only a part of the address stored in the HV protection area may be prohibited. Moreover, you may combine these restrictions.

  If there is no signal for distinguishing between instruction fetch and data read in the data flowing through the communication path, it is necessary to input a signal indicating the instruction fetch output by the processor 101 on the path different from the communication path to the operation mode management circuit. . This makes it possible to distinguish between instruction fetch and data read.

  By using the system LSI 100 according to the present embodiment, it is possible to secure a protected area that can be accessed only when executing the HV code without depending on the virtualization support function of the processor. By storing information such as memory and device access control information, guest OS management information, and HV code main body in this protection area, it is possible to prevent unauthorized reading / writing of these information from the guest OS. As described above, it is possible to improve safety by reliably realizing isolation between guest OSes.

  In the system LSI 100 according to the present embodiment, the entry portion of the HV code is composed of a plurality of instructions. However, by measuring the time when the entry portion is executed, the plurality of instructions in the entry portion are inseparably performed. Therefore, it is possible to prevent interruption by another code when executing the entry section. Thereby, safety can be improved.

(Second Embodiment)
In the system LSI 100 according to the first embodiment, the example in which the entry portion of the HV code stored in the HV code storage area 112 is configured with a plurality of instructions for confirming that the interrupt is prohibited has been described. However, the entry part of the HV code is not limited to such an instruction. Therefore, in the second embodiment, an example will be described in which the HV code storage area of the system LSI is configured with a plurality of instructions for prohibiting interrupts.

  FIG. 9 is a block diagram showing a configuration of a system LSI 900 according to the second embodiment. The system LSI 100 according to the first embodiment described above includes an operation mode management circuit 901 that is different in processing from the operation mode management circuit 102, and stores HV code that is different from the stored HV code storage area 112. The only difference is that the protection memory 107 includes the area 911. Note that the description of the configuration of the system LSI 900 of the present embodiment that is common to the system LSI 100 of the first embodiment will be omitted.

  First, the HV code storage area 911 stores HV codes. As shown in FIG. 10, the HV code holds the instruction 1 “load R0, = interrupt disabled” 1001 and the instruction 2 “move R0 to SR” 1002 in the entry portion, and the exit code is “return” as in FIG. “1003 is held. In this entry section, a value indicating that interrupts are prohibited is set in “SR” that holds the state of the processor 101. That is, unlike the system LSI 100 according to the first embodiment, there is no need to check the data written to the address “CheckAdr”. In other words, the system LSI 900 according to the present embodiment is an embodiment that can guarantee prohibition of interrupts only by confirming instruction fetch.

  Further, although different from the present embodiment, the entry portion of the HV code may be composed of two or more instructions. As shown in FIG. 11, the case where the entry part of HV code is comprised by n piece etc. is also considered. In the example shown in FIG. 11, it is assumed that writing is prohibited when the third bit of the status register “SR” is “1”. Therefore, by executing n instructions, “1” is set for the third bit of the SR. Even in the case of such n pieces, there is a possibility that another code will be interrupted.

  In addition, the reason why the plurality of entry units instructed in this embodiment is because of the limitation of the instruction set of the processor 101 as in the first embodiment.

  The operation mode management circuit 901 includes a fetch determination unit 921 having a process different from that of the fetch determination unit 122 and the time determination unit 922 having a process different from that of the time determination unit 125, unlike the operation mode management circuit 102 according to the first embodiment. In that the instruction detection unit 124 and the execution determination unit 126 are deleted.

  In addition to the function of the fetch detection unit 121, the fetch determination unit 921 has the address of the last instruction in the entry part of the HV code stored in the HV code storage area 911 of the protection memory 107 described later (instruction 2 shown in FIG. 10). ) Or not. A detailed determination method will be described later.

  The time determination unit 922 determines whether or not a predetermined time has elapsed since the time measurement unit 123 started measuring time. This predetermined time is determined based on the time required to fetch all the instructions in the entry section. As a result, when the time determination unit 922 determines that the predetermined time has elapsed, if the fetch determination unit 921 cannot determine that the last instruction in the entry unit has been detected, an interrupt has been performed by other software. I can judge.

  The processing of the system LSI 900 is different from the processing of the system LSI 100. The fetch detection unit 121 of the operation mode management circuit 911 monitors the first communication path, and the HV code entry unit is appropriately performed. The processing procedure for confirming this is different. Therefore, a processing procedure for confirming that the entry part has been appropriately performed will be described.

  As shown in FIG. 12, first, the fetch detection unit 121 monitors the first communication path to determine whether or not an instruction fetch request transmitted from the processor 101 has been detected (step S1201). This process is repeated until it is detected.

  Next, when the fetch detection unit 121 detects an instruction fetch request (step S1201: Yes), the fetch determination unit 122 determines whether the address specified in the instruction fetch request is the address of the instruction 1 in the entry unit. It is determined whether or not (step S1202). If the fetch determination unit 122 determines that they are different (step S1202: No), the fetch detection unit 121 detects the instruction fetch again (step S1201).

  When the fetch determination unit 122 determines that the address matches the instruction 1 (step S1202: Yes), the time measurement unit 123 starts measuring time (step S1203).

  Next, the time determination unit 922 determines whether or not a predetermined time T has elapsed since the start of time measurement (step S1204). The predetermined time T is a time set in advance as a time required from the detection of the fetch of the instruction 1 to the fetch of the instruction 2.

  If the time determination unit 922 determines that the predetermined time T has elapsed (step S1204: No), the time measurement unit 123 ends the time measurement (step S1208), and the fetch detection unit 121 detects the instruction fetch again. Is performed (step S1201).

  If the time determination unit 922 determines that the predetermined time T has not elapsed (step S1204: Yes), the fetch detection unit 121 monitors the first communication path and receives a command transmitted from the processor 101. It is determined whether a fetch request has been detected (step S1205).

  If the fetch detection unit 121 does not detect an instruction fetch (step S1205: No), the time determination unit 922 starts processing from determining whether the predetermined time T has elapsed (step S1204).

  When the fetch detection unit 121 detects instruction fetch (step S1205: Yes), the fetch determination unit 921 determines whether the fetch address is the address of the instruction 2 (step S1206). If it is determined that the fetch address is not the address of the instruction 2 (step S1206: No), the time determination unit 922 starts processing from determining whether the predetermined time T has elapsed (step S1204).

  Next, when the fetch determination unit 921 determines that the fetch address is the address of the instruction 2 (step S1206: Yes), the time measurement unit 123 ends the time measurement (step S1207). And the process after step S613 shown in FIG. 6 will be performed.

  That is, in the present embodiment, as long as the address of the instruction 2 is fetched, the write prohibited state is set by the instruction 2. This ensures that the processor 101 is in a write-protected state. In other words, as in the first embodiment, it is ensured that a plurality of instructions in the entry portion are inseparably executed without confirming the execution result, so that safety can be ensured.

(Third embodiment)
In the system LSIs according to the first and second embodiments, the example in which interruption by another program is prevented by measuring time has been described. However, the interrupt prevention method is not limited to time measurement. Therefore, in the third embodiment, the prohibition of interrupt is prevented by detecting that the instruction fetch of the entry part of the HV code is performed in the order of instructions.

  FIG. 13 is a block diagram showing a configuration of a system LSI 1300 according to the third embodiment. The system LSI 100 according to the first embodiment described above includes an operation mode management circuit 1301 that is different in processing from the operation mode management circuit 102, and a first HV region protection circuit 1302 that is different in processing from the first HV region protection circuit 104. The second HV area protection circuit 106 is deleted and the connection destination of the first, second, and sixth communication paths is changed. Note that the description of the configuration of the system LSI 1300 of the present embodiment that is common to the system LSI 100 of the first embodiment will be omitted.

  The HV code used in the present embodiment is the same as the HV code shown in the first embodiment, and the description thereof is omitted. When an entry code is implemented with two or more instructions for such an HV code, an arbitrary user code may be executed during the process and the interrupt disabled state may be disguised.

  FIG. 14 is an explanatory diagram showing a process for impersonating an interrupt disabled state in the entry code shown in FIG. In the example shown in FIG. 14, an unauthorized user code enters from the middle of the entry part of the entry code, and the state of the processor 101 is disguised as an interrupt prohibited state. Specifically, the unauthorized user code executes the “enable interrupt” instruction to permit the processor 101 to interrupt. Thereafter, the illegal user code executes a “load R0, fake SR value” instruction to cause the general-purpose register “R0” to read a fake SR value. Thereafter, the process jumps to instruction 2 of the entry code. Then, when executing the instruction 2, the processor 101 writes a false SR value indicating that the interrupt is prohibited to the CheckAdr even though it is actually in the interrupt enabled state. As a result, when the operation mode management unit refers to the value of CheckAdr, it can be determined that the interrupt is prohibited. Therefore, the hypervisor is executed in the interrupt enabled state, and the operation mode is switched to the HV mode. If an interrupt is performed by an unauthorized user code, the jump to the interrupt handler for the unauthorized user code remains in the HV mode.

  Further, in the example shown in FIG. 14, it is not necessary to perform the entire entry portion of the HV code. Therefore, even when interrupted by an unauthorized user code, the execution time of the entry portion may be shortened. For this reason, it is difficult to use the method shown in the first embodiment.

  Therefore, in the operation mode management circuit 1301 according to the present embodiment, it is confirmed that the instructions in the entry section are fetched in the order of instructions, and the interrupt disabled state is guaranteed. That is, since the operation mode management circuit 1301 according to the present embodiment monitors the first communication path, not only the fetch request from the processor 101 to the protection memory 107 but also the fetch request to the memory 150 should be monitored. Can do. In other words, if the fetch request is made in the order of instructions to the entry part, the fetch request is not made to the code other than the hypervisor code. Therefore, the operation mode management circuit 1301 can guarantee that no interruption by another code is performed.

  Returning to FIG. 13, the operation mode management circuit 1301 includes a fetch detection unit 1311 that is different in processing from the fetch detection unit 121 and the operation mode management circuit 102 according to the first embodiment. The difference is that a different fetch determination unit 1312 is provided, and the time measurement unit 123 and the time determination unit 125 are deleted.

  The fetch detection unit 1311 detects an instruction fetch via a sixth communication path that connects the processor 101, the memory access control unit 103, the device access control unit 105, and the protection memory 107.

  The fetch determination unit 1312 determines whether the instruction fetch detected by the fetch detection unit 121 is the address of each instruction constituting the entry part of the HV code stored in the HV code storage area 112 of the protected memory 107. . In addition, the fetch determination unit 1312 also determines whether or not the instruction fetch is fetching in the order of instructions in the entry part.

  The first HV area protection circuit 1302 includes a first control unit 1321 and receives an access request from the processor 101 via the first communication path. The first HV area protection circuit 1302 connects the memory access control unit 103, the device access control unit 105, and the protection memory 107 via the second communication path. The first HV area protection circuit 1302 receives a mode information signal from the operation mode management circuit 1301.

  The first control unit 1321 performs control to release access to the control information included in the memory access control unit 103 and the device access control unit 105 and the protection memory 107 when an input indicating that the operation mode is the HV mode is input. . Further, when an input indicating that the operation mode is the normal mode is input, control for prohibiting access to the control information included in the memory access control unit 103 and the device access control unit 105 and the protection memory 107 is performed.

  Further, the processing of the system LSI 1300 is different from the processing of the system LSI 100, and the fetch detection unit 1311 of the operation mode management circuit 1301 monitors the sixth communication path, and the entry part of the HV code is appropriately performed. The processing procedure for confirming this is different. Therefore, a processing procedure for confirming that the entry part has been appropriately performed will be described.

  As shown in FIG. 15, first, the operation mode management circuit 1301 sets ‘1’ as an initial value to a variable i in order to perform an entry check (step S <b> 1501). Next, the fetch detection unit 1311 monitors the sixth communication path and determines whether or not an instruction fetch request transmitted from the processor 101 has been detected (step S1502). This process is repeated until it is detected.

  Next, when the fetch detection unit 1311 detects an instruction fetch request (step S1502: Yes), the fetch determination unit 1312 determines that the address specified in the instruction fetch request is the i-th instruction (initially) of the entry unit. It is determined whether the address is i = '1') (step S1503). If the fetch determination unit 1312 determines that the values are different (step S1503: No), the operation mode management circuit 1301 starts again from the process of setting ‘1’ as the initial value for the variable i (step S1501).

  If the fetch determination unit 1312 determines that the address matches the address of the instruction i (step S1503: Yes), the operation mode management circuit 1301 adds “1” to the variable i (step S1504). Then, the operation mode management circuit 1301 determines whether or not the variable i is larger than “2” (step S1505). That is, the above-described processing is repeated for the number of instructions included in the entry part of the HV code.

  In step S1505, since the entry portion of the HV code according to the present embodiment is composed of two instructions, it is determined whether or not the variable i is larger than “2”. In other words, if the entry part is composed of n instructions, it may be determined whether or not the variable i is larger than n.

  When the operation mode management circuit 1301 determines that the variable i is '2' or less (step S1505: No), the operation mode management circuit 1301 determines again whether or not the fetch detection unit 1311 has detected an instruction fetch request transmitted from the processor 101. (Step S1502).

  If the operation mode management circuit 1301 determines that the variable i is greater than “2” (step S1505: Yes), the instruction detection unit 124 monitors the sixth communication path and issues a data write request from the processor 101. It is determined whether or not it has been detected (step S1506). If it is determined that it has not been detected (step S1506: No), the processing is repeated until a write request is detected.

  Next, when the instruction detection unit 124 detects a data write request (step S1506: Yes), it is determined whether or not the address specified in the data write request matches “CheckAdr” (step S1507). If the instruction detection unit 124 determines that the values are different (step S1507: NO), the operation mode management circuit 1301 starts again from the process of setting “1” as an initial value to the variable i (step S1501).

  If the instruction detection unit 124 determines that the address matches “CheckAdr” (step S1507: Yes), the execution determination unit 126 matches the data specified in the write request with the value of “SR” indicating that the interrupt is prohibited. It is determined whether or not to perform (step S1508). If the execution determining unit 126 determines that the values are different (step S1508: NO), the operation mode management circuit 1301 starts again from the process of setting ‘1’ as the initial value for the variable i (step S1501).

  Next, when the execution determination unit 126 determines that the write data and the value of 'SR' indicating interrupt prohibition match (step S1508: Yes), the execution determination unit 126 was able to confirm that the HV code entry unit was appropriately executed. Shall. And the process after step S613 shown in FIG. 6 will be performed.

  In the system LSI 1300 according to the present embodiment, it is possible to confirm that an interrupt by another code is not performed by confirming that instructions in the entry part of the HV code are fetched in order. Thereby, safety can be ensured.

(Modification of the third embodiment)
In the third embodiment, instruction fetch confirmation is performed by loop processing (steps S1502 to S1505). However, when the number of instructions is small, the above-described instruction fetch confirmation loop processing may be developed. . Therefore, in a modification of the third embodiment, an example in which loop processing is developed will be described.

  When designing the hardware circuit that actually checks the entry code, if the number of instructions in the entry code is small, the implementation is simpler if the loop is expanded.

  FIG. 16 shows a processing procedure in which the instruction fetch confirmation loop of the processing procedure shown in FIG. 15 of the third embodiment is expanded by two instruction fetch confirmations. In the flowchart of FIG. 16, compared with FIG. 15, it is not necessary to implement hardware for performing the calculation of the variable i, and it can be designed as a simple state transition circuit.

  As shown in FIG. 16, the fetch detection unit 1311 monitors the sixth communication path and determines whether or not an instruction fetch request transmitted from the processor 101 has been detected (step S1601). This process is repeated until it is detected.

  Next, when the fetch detection unit 1311 detects an instruction fetch request (step S1601: Yes), the fetch determination unit 1312 determines whether the address specified in the instruction fetch request is the address of the instruction 1 of the entry unit. It is determined whether or not (step S1602). If the fetch determination unit 1312 determines that they are different (step S1602: No), it again determines whether an instruction fetch request by the fetch detection unit 1311 has been detected (step S1601).

  When the fetch determination unit 1312 determines that the address matches the address of the instruction 1 (step S1602: Yes), the fetch detection unit 1311 monitors the sixth communication path and transmits the instruction transmitted from the processor 101. It is determined whether a fetch request has been detected (step S1603). This process is repeated until it is detected.

  Next, when the fetch detection unit 1311 detects an instruction fetch request (step S1603: Yes), the fetch determination unit 1312 determines whether the address specified in the instruction fetch request is the address of the instruction 2 in the entry unit. It is determined whether or not (step S1604). If the fetch determination unit 1312 determines that they are different (step S1604: No), it performs processing to determine again whether an instruction fetch request by the fetch detection unit 1311 has been detected (step S1601).

  When the fetch determination unit 1312 determines that the address matches the address of the instruction 2 (step S1604: Yes), the instruction detection unit 124 monitors the sixth communication path and issues a data write request from the processor 101. It is determined whether or not it has been detected (step S1605). If it is determined that it has not been detected (step S1605: NO), the processing is repeated until a write request is detected.

  Next, when the instruction detection unit 124 detects a data write request (step S1605: Yes), it is determined whether or not the address specified in the data write request matches ‘CheckAdr’ (step S1606). If the instruction detection unit 124 determines that they are different (step S1606: No), it again determines whether an instruction fetch request by the fetch detection unit 1311 has been detected (step S1601).

  If the instruction detection unit 124 determines that the address matches “CheckAdr” (step S1606: Yes), the execution determination unit 126 matches the data specified in the write request with the value of “SR” indicating that the interrupt is prohibited. It is determined whether or not to perform (step S1607). If the execution determining unit 126 determines that they are different (step S1607: NO), it again determines whether an instruction fetch request by the fetch detecting unit 1311 has been detected (step S1601).

  Next, when the execution determination unit 126 determines that the write data and the value of 'SR' indicating interrupt prohibition match (step S1607: Yes), the execution determination unit 126 was able to confirm that the HV code entry unit was appropriately executed. End as a thing. And the process after step S613 shown in FIG. 6 will be performed.

  The hardware circuit can be simplified by performing the processing procedure described above. In the embodiment described later, even when instruction fetch confirmation is loop-processed, the loop process may be developed as described above.

(Fourth embodiment)
In the fourth embodiment, as in the third embodiment, it is confirmed that the instruction fetch of the entry part of the HV code is performed in the order of instructions. The fourth embodiment is different from the third embodiment in that the processing of the entry part of the HV code is composed of a plurality of instructions for prohibiting interrupts.

  FIG. 17 is a block diagram showing the configuration of a system LSI 1700 according to the fourth embodiment. The system LSI 1300 according to the third embodiment described above differs from the operation mode management circuit 1301 in operation mode management circuit. The only difference is that 1701 is provided. Note that the description of the configuration of the system LSI 1700 of this embodiment that is common to the system LSI 1300 of the third embodiment will be omitted.

  The HV code used in the present embodiment is the same as the HV code shown in the second embodiment, and the description thereof is omitted. When an entry code is implemented with two or more instructions for such an HV code, an arbitrary user code may be executed during the process and the interrupt disabled state may be disguised.

  The operation mode management circuit 1701 is different from the operation mode management circuit 1301 according to the third embodiment in that the instruction detection unit 124 and the execution determination unit 126 are deleted.

  The processing of the system LSI 1700 differs from the processing of the system LSI 1300 in that the fetch detection unit 1311 of the operation mode management circuit 1701 monitors the sixth communication path and confirms that the HV code entry unit has been appropriately performed. The processing procedure to check is different. Therefore, a processing procedure for confirming that the entry part has been appropriately performed will be described.

  The processes from Steps S1801 to S1805 in FIG. 18 are the same as the processes from Steps S1501 to S1805 in FIG. Then, the process ends when the processing is performed up to step S1805. In other words, the processing procedure shown in FIG. 18 does not require processing for detecting data writing and checking whether or not an interrupt is disabled after step S1805 in FIG.

  In other words, in the present embodiment, as long as the addresses are fetched in the order of the instructions 1 and 2, the processor 101 executes these instructions, so that the processor 101 is in a write-protected state. This ensures that the processor 101 is in a write-protected state. Further, it can be assured that a plurality of instructions in the entry part are inseparably performed. Thereby, safety can be ensured.

(Fifth embodiment)
In the fifth embodiment, it is detected that the interrupt prevention by the time measurement shown in the first embodiment and the instruction fetch of the entry part of the HV code shown in the third embodiment are sequentially performed. Let's take an example. The HV code according to the present embodiment is the code shown in FIG. 3 having an entry part for confirming that the interrupt is prohibited.

  FIG. 19 is a block diagram showing a configuration of a system LSI 1900 according to the fifth embodiment. The system LSI 100 according to the first embodiment described above includes an operation mode management circuit 1901 whose processing is different from that of the operation mode management circuit 102, and an HV code storage region in which the HV code stored in the HV code storage region 112 is different. The only difference is that 1902 is provided. In addition, the description of the configuration of the system LSI 1900 of the present embodiment that is common to the system LSI 100 of the first embodiment will be omitted.

  The HV code storage area 1902 stores the HV code shown in FIG. As shown in FIG. 3, the entry portion of the HV code is composed of n instructions and confirms whether or not the processor 101 is in an interrupt disabled state.

  In the system LSI 1900 according to the present embodiment, the combination of a plurality of interrupt preventions is only to measure the execution time of the entry unit as shown in the first embodiment, for example, when the number of instructions in the entry code is large. Then, there is a possibility that the interrupt disabled state is disguised.

  In the entry part of the HV code shown in FIG. 20, the value held by the SR is written to the address “CheckAdr” by executing n instructions.

  On the other hand, the unauthorized user code first writes a false SR value into the general register R2, reads the immediate value of CheckAdr into R3, permits an interrupt, and then jumps to the instruction 1 of the entry code. Then, after execution of this instruction 1, some interrupt is generated, jumps to the interrupt handler of the illegal user code, and the value of R2 is written in “CheckAdr” using R3 as a base register.

  In other words, the illegal user code sets an illegal value in the general-purpose register in advance before calling the entry part of the HV code, and 1) executes the instruction 1, 2) generates an interrupt, and 3) sets the value of the false SR to CheckAdr. Impersonation of the interrupt disabled state is realized by three processes of writing to. Since the execution time of these three processes is shorter than the execution time of n instructions in the entry part of the HV code, an illegal interrupt cannot be detected only by measuring the time.

  Furthermore, since the system LSI 1900 according to the fifth embodiment has a different communication path configuration from the system LSI 1300 according to the third embodiment, it is not possible to detect all instruction fetches. That is, in the system LSI 1900, when the entry portion of the HV code is fetched in the order of instructions, there is a possibility that the instruction of the illegal user code is also fetched.

  Therefore, in the operation mode management circuit 1901 of the system LSI 1900 according to the fifth embodiment, the time measurement shown in the first embodiment and the instruction fetch of the entry portion of the HV code shown in the third embodiment. It was decided to detect that the processes were sequentially performed.

  Returning to FIG. 19, the operation mode management circuit 1901 includes a fetch detection unit 1311 that is different in processing from the fetch detection unit 121 and the operation mode management circuit 102 according to the first embodiment. The difference is that a different fetch determination unit 1312 is provided. Since the fetch detection unit 1311 and the fetch determination unit 1312 are shown in the third embodiment, description thereof is omitted.

  Further, the processing of the system LSI 1900 differs from the processing of the system LSI 100 in that the fetch detection unit 1311 of the operation mode management circuit 1901 monitors the first communication path, and the HV code entry unit is appropriately performed. The processing procedure for confirming this is different. Therefore, a processing procedure for confirming that the entry part has been appropriately performed will be described.

  As shown in FIG. 21, first, the fetch detection unit 1311 monitors the first communication path and determines whether or not an instruction fetch request transmitted from the processor 101 has been detected (step S2101). This process is repeated until it is detected.

  Next, when the fetch detection unit 1311 detects an instruction fetch request (step S2101: Yes), the fetch determination unit 1312 determines whether the address specified in the instruction fetch request is the address of the instruction 1 in the entry unit. It is determined whether or not (step S2102). If the fetch determination unit 1312 determines that they are different (step S2102: No), the fetch detection unit 1311 detects instruction fetch again (step S2101).

  When the fetch detection unit 1311 determines that the address matches the instruction 1 (step S2102: Yes), the time measurement unit 123 starts measuring time (step S2103).

  Next, the operation mode management circuit 1901 sets ‘2’ as an initial value to the variable i in order to perform an entry check (step S <b> 2104).

  Next, the time determination unit 125 determines whether or not a predetermined time T has elapsed since the start of time measurement (step S2105). The predetermined time T is a time set in advance as a time required from the detection of the fetch of the instruction 1 to the execution of the instruction n.

  If the time determination unit 125 determines that the predetermined time T has elapsed (step S2105: No), the time measurement unit 123 ends the time measurement (step S2110), and the fetch detection unit 1311 detects the instruction fetch again. Is performed (step S2101).

  If it is determined by the time determination unit 125 that the predetermined time T has not elapsed (step S2105: Yes), the fetch detection unit 1311 monitors the first communication path and is transmitted from the processor 101. It is determined whether an incoming instruction fetch request is detected (step S2106). This process is repeated until it is detected.

  Next, when the fetch detection unit 1311 detects an instruction fetch request (step S2106: Yes), the fetch determination unit 1312 determines that the address specified by the instruction fetch request is the address of the i-th instruction in the entry unit. It is determined whether or not there is (step S2107). If the fetch determination unit 1312 determines that they are different (step S2107: No), the fetch detection unit 1311 detects instruction fetch again (step S2101).

  If the fetch determination unit 1312 determines that the address matches the address of the instruction i (step S2107: Yes), the operation mode management circuit 1901 adds ‘1’ to the variable i (step S2108). Then, the operation mode management circuit 1901 determines whether or not the variable i is larger than n (step S2109). That is, the above-described processing is repeated for the number n of instructions included in the entry portion of the HV code.

  When the operation mode management circuit 1901 determines that the variable i is n or less (step S2109: No), the time determination unit 125 starts again from the process of determining whether or not the predetermined time T has elapsed since the start of time measurement. This is performed (step S2105).

  Next, when the operation mode management circuit 1901 determines that the variable i is larger than n (step S2109: Yes), the time determination unit 125 determines whether or not a predetermined time T has elapsed since the time measurement started. (Step S2111).

  When the time determination unit 125 determines that the predetermined time T has elapsed (step S2111: No), the time measurement unit 123 ends the time measurement (step S2110), and the fetch detection unit 1311 detects the instruction fetch again. Is performed (step S2101).

  If the time determination unit 125 determines that the predetermined time T has not elapsed (step S2111: Yes), the instruction detection unit 124 monitors the first communication path and issues a data write request from the processor 101. It is determined whether or not it has been detected (step S2112). If it is determined that no detection has been made (step S2112: No), the time determination unit 125 starts processing from determining whether the predetermined time T has elapsed (step S2111).

  Next, when the instruction detection unit 124 detects a data write request (step S2112: Yes), the time measurement unit 123 ends the time measurement (step S2113). Then, the instruction detection unit 124 determines whether or not the address specified by the data write request matches “CheckAdr” (step S2114). If the instruction detection unit 124 determines that they are different (step S2114: No), the fetch detection unit 121 detects the instruction fetch again (step S2101).

  If the instruction detection unit 124 determines that the address matches “CheckAdr” (step S2114: Yes), the execution determination unit 126 matches the data specified in the write request with the value of “SR” indicating that the interrupt is prohibited. It is determined whether or not to perform (step S2115). If the execution determining unit 126 determines that they are different (step S2115: No), the fetch detecting unit 121 detects the instruction fetch again (step S2101).

  Next, when the execution determination unit 126 determines that the write data and the value of 'SR' indicating interrupt prohibition match (step S2115: Yes), the execution determination unit 126 was able to confirm that the HV code entry unit was appropriately executed. Shall. And the process after step S613 shown in FIG. 6 will be performed.

  According to the system LSI 1900 of the above-described embodiment, the interrupt prevention by time measurement is combined with the process of detecting that the instruction fetch of the entry part of the HV code shown in the third embodiment is sequentially performed. It was decided. As a result, when there are many instructions in the entry portion of the HV code, it is possible to detect an illegal interrupt that cannot be detected only by time measurement because the processing is performed in a short time. Thereby, safety is improved.

(Sixth embodiment)
In the sixth embodiment, it is detected that the interruption prevention by the time measurement shown in the first embodiment and the instruction fetch of the entry part of the HV code shown in the third embodiment are sequentially performed. Let's take an example. Further, the HV code according to the present embodiment is the code shown in FIG. 11 having an entry part for setting the interrupt disabled state.

  FIG. 22 is a block diagram showing a configuration of a system LSI 2200 according to the sixth embodiment. The operation mode management circuit is different from the operation mode management circuit 901 in processing in the system LSI 900 according to the second embodiment described above. 2201 is different from the HV code storage area 911 in that the HV code storage area 2202 is different from the HV code storage area 911 stored therein. Note that the description of the configuration of the system LSI 2200 of the present embodiment that is common to the system LSI 900 of the second embodiment will be omitted.

  The HV code storage area 2202 stores the HV code shown in FIG. As shown in FIG. 11, the entry portion of the HV code is composed of n instructions, and the processor 101 is set to the interrupt disabled state.

  The operation mode management circuit 2201 includes a fetch detection unit 1311 having a process different from that of the fetch detection unit 121 and the fetch determination unit 1312 having a process different from that of the fetch determination unit 921 in the operation mode management circuit 901 according to the second embodiment. It differs in that it is equipped with. Note that the fetch detection unit 1311 and the fetch determination unit 1312 have been described in the third embodiment, and a description thereof will be omitted.

  The processing from step S2301 to S2310 in FIG. 23 is the same as the processing from step S2101 to S2110 in FIG. Then, when the variable i becomes larger than the number of instructions n in the entry part in step S2309 (step S2309: Yes), the time measurement unit 123 finishes the time measurement, assuming that all instruction fetches have been detected (step S2309). S2311), the process is terminated. In other words, the processing procedure shown in FIG. 23 does not require the processing of detecting data writing and confirming whether or not the interrupt is disabled, which is performed after step S2111 in FIG.

  In other words, in the present embodiment, since the addresses of n instructions are fetched in the order of instructions, the processor 101 executes these instructions to put the processor 101 in a write-protected state. This ensures that the processor 101 is in a write-protected state. Further, it can be assured that a plurality of instructions in the entry part are inseparably performed. Thereby, safety can be ensured.

  According to the system LSI 2200 of the above-described embodiment, the interrupt prevention based on time measurement is combined with the process of detecting that the instruction fetch of the entry part of the HV code shown in the third embodiment is sequentially performed. It was decided. As a result, when there are many instructions in the entry portion of the HV code, it is possible to detect an illegal interrupt that cannot be detected only by time measurement because the processing is performed in a short time. Thereby, safety is improved.

(Modification)
Moreover, it is not limited to each embodiment mentioned above, The various deformation | transformation which is illustrated below is possible.

(Modification 1)
In the first to sixth embodiments described above, the case where the instruction fetch unit of the processor 101 is one instruction has been described. However, the above-described embodiment does not limit the instruction fetch unit for each instruction. Therefore, in this modification, an example for every two instructions will be described.

  In the system LSI according to this modification, the processor fetches an instruction every two instructions. A method for confirming whether or not the processor is in an interrupt disabled state at the time of instruction fetch is the same as that in the above-described embodiment.

  When the instruction fetch unit is a plurality of instructions, there is a possibility that the interrupt disabled state is disguised depending on the arrangement of instructions in the entry part of the HV code. Therefore, the arrangement of instructions in which the interrupt disabled state is impersonated in the entry part of the HV code will be described.

  In the example shown in FIG. 24, it is assumed that the entry part of the HV code is 2 instructions. Then, every two instructions in the instruction fetch unit of the processor. When the instruction 1 in the entry part is arranged at the address boundary in the instruction fetch unit, two instructions in the entry part are simultaneously read out by one instruction fetch.

  For this reason, when instruction fetch confirmation as shown in the third and fourth embodiments is performed, instruction fetch confirmation is performed only once. In this case, the following disguise of interrupt disabled state can be considered.

  As shown in FIG. 24, the unauthorized user code first reads a fake SR value into R0 and then permits an interrupt. Thereafter, the process jumps to instruction 2 in the entry part. At this time, since instruction fetch occurs in units of two instructions, instruction fetch occurs for the address of instruction 1. Therefore, the operation mode management circuit determines that the entry part of the HV code has been correctly called. Nevertheless, even though the instruction 2 in the entry section is in the interrupt enabled state, it writes a false SR value indicating interrupt prohibition to the address “CheckAdr”.

  As a result, the HV code is executed with the interrupt permitted. When an interrupt occurs due to an unauthorized user code, the operation mode is in the HV mode, and the routine jumps to an unauthorized user code interrupt handler.

  Therefore, the following HV codes are stored in the HV code storage area of the system LSI in this modification.

  In other words, when the HV code is stored in the HV code storage area, the head instruction of the original entry part is arranged at the end of the first instruction fetch unit in order to prevent the above-mentioned impersonation.

  In the HV code shown in FIG. 25, instruction 1 and instruction 3 are arranged at the boundary of two instructions in the entry part. Thereby, in the fetch request from the processor, instruction 1 and instruction 2, and instruction 3 and instruction 4 are fetched simultaneously.

  In order to prevent the above-mentioned impersonation, the move instruction which is the first instruction of the original entry part is arranged at the end of the first instruction fetch unit, that is, at the second instruction. The store instruction, which is the second instruction in the entry section, is arranged at the beginning of the second instruction fetch unit, that is, at the third instruction. As a result, when an unauthorized user code tries to perform the above-mentioned disguise, the fetch request for instruction fetch unit 1 is not made, but the fetch request for instruction fetch unit 2 is made, and the operation mode management circuit makes an abnormal fetch request. Can be determined.

  Further, even when the number of instructions in the instruction fetch unit is a plurality of instructions, the processing described in the above embodiment can be applied almost as it is.

  In the above-described embodiment, an instruction (for example, n instructions) is replaced with an instruction fetch unit (for example, n instruction fetch units), and what number instruction the variable i has been set to in the entry part. By replacing with the instruction fetch unit and replacing the instruction address with the head address of the instruction fetch unit, the number of instructions in the instruction fetch unit can correspond to a plurality of instructions.

(Modification 2)
In the first to sixth embodiments described above, the case where the processor 101 does not have a prefetch function has been described. However, the above-described embodiment is not limited to the case where the processor does not have a prefetch function. Therefore, in this modification, a case where a prefetch function is provided will be described.

  When the processor provided with the system LSI has an instruction prefetch function, instruction fetch of the subsequent instructions is performed during execution of a certain instruction. Therefore, even if an instruction fetch for an instruction is detected, the instruction is not always executed.

  In the entry portion of the HV code shown in FIG. 2, the SR value is written to CheckAdr by the instruction 2 to guarantee that the interrupt is prohibited. However, when the processor has an instruction prefetch function, the instruction 2 is already prefetched during the execution of the instruction 1.

  In order to cope with such a case, when the instruction up to the last instruction (hereinafter referred to as a guaranteed instruction) that guarantees prohibition of interrupt in the entry portion is correctly executed, the range of instructions for which an instruction fetch request is made by prefetching is determined in advance. It is sufficient to check the instruction fetch including the prefetch range when checking the instruction fetch in the entry part.

  As shown in FIG. 26, the instruction 2 and subsequent instructions are executed after a little time has elapsed after fetching. If the entry unit needs to execute two instructions, the instruction fetch performed when the second instruction is executed may be confirmed. In the example shown in FIG. 26, the execution of the instruction 2 is guaranteed by confirming the instruction fetch of the instruction 4.

  Therefore, in order to make the processing performed in the above-described embodiment correspond to a processor with a prefetch function, in addition to the instructions up to the guarantee instruction included in the entry part of the HV code, the instructions in the prefetch range are also entered. It is necessary to include in the department.

  First, a method corresponding to the prefetch function when the number of instructions per instruction fetch unit = 1 is described. Like the HV code shown in FIG. 3, the HV code shown in FIG. 27 originally has an entry part for checking the interrupt disabled state with two instructions.

  In the example shown in FIG. 27, after the fetch request for the instruction 1 and the instruction 2, which are the original entry parts, is performed, the instruction 2 is executed, and then writing to the address “CheckAdr” is performed. Up to instruction n is prefetched. Note that the number of instructions n depends on the performance of the processor. Therefore, in the example shown in FIG. 27, the nop instruction (the instruction 9 that does nothing) is arranged up to the instruction n.

  In this modification, a nop instruction (an instruction that does nothing) is arranged in the prefetched range for explanation, but an HV processing code body may be arranged.

  That is, when the processing shown in the first, third, or fifth embodiment is applied in this modification, the prefetched instruction n is not yet prefetched when the instruction 1 is executed, and the execution of the instruction 2 is started. It is desirable that the instruction be prefetched until data is written to 'CheckAdr'.

  Although different from the HV code of this modification, when applied to the processing shown in the second, fourth, or sixth embodiment, it is desirable that the instruction be prefetched during the execution of the instruction 2.

  In this way, by providing instructions in the entry portion of the HV code including the prefetch range, the processing procedure described in the above-described embodiment can be applied to a system LSI including a processor having a prefetch function.

  Similarly, even when the number of instructions per instruction fetch is plural, it is possible to deal with a processor having a prefetch function.

  As in FIG. 25, the HV code shown in FIG. 28 has an entry portion in which the instruction fetch unit corresponds to every two instructions. In the example shown in FIG. 28, instructions 5 and 6 are fetched until a fetch request is made for instruction 2 and instruction 3, which are the original entry codes, and writing to address 'CheckAdr' is performed by executing instruction 3. Is an example of prefetching.

  As described above, by configuring the entry part including the prefetch range, the processing procedure described in the above embodiment can be applied to a system LSI including a processor having a prefetch function.

1 is a block diagram showing a configuration of a system LSI according to a first embodiment. It is the figure which showed the example of the binary code of the HV code which the system LSI concerning 1st Embodiment has. It is the figure which showed the example of the binary code of the HV code which the system LSI concerning other embodiment has. It is the figure which showed the 1st example in which execution transfers to the software code which performs an unauthorized process in the middle of execution of the entry part comprised by the several instruction | command of a hypervisor on the conventional system LSI. It is a figure showing an example of software composition of a system LSI concerning a 1st embodiment. 6 is a flowchart showing a processing procedure for controlling access to an HV protection area by switching an operation mode according to whether or not an HV code is executed in the system LSI according to the first embodiment. 6 is a flowchart showing a processing procedure for confirming that an entry part of an HV code is properly executed in an operation mode management circuit in the system LSI according to the first embodiment. 5 is a flowchart showing a procedure for detecting an escape from the HV mode of the operation mode management circuit in the system LSI according to the first embodiment. It is a block diagram which shows the structure of the system LSI concerning 2nd Embodiment. It is the figure which showed the example of the binary code of the HV code which the system LSI concerning 2nd Embodiment has. It is the figure which showed the example of the binary code of the HV code which the system LSI concerning other embodiment has. 14 is a flowchart showing a processing procedure for confirming that an entry part of an HV code is properly executed in an operation mode management circuit in the system LSI according to the second embodiment. It is a block diagram which shows the structure of the system LSI concerning 3rd Embodiment. It is the figure which showed the 2nd example by which execution transfers to the software code which performs an illegal process in the middle of execution of the entry part comprised by the several instruction | command of a hypervisor on the conventional system LSI. 14 is a flowchart illustrating a processing procedure for confirming that an entry part of an HV code is properly executed in an operation mode management circuit in a system LSI according to a third embodiment. 14 is a flowchart illustrating a processing procedure for confirming that an entry part of an HV code is appropriately executed in an operation mode management circuit in a system LSI according to a modification of the third embodiment. It is a block diagram which shows the structure of the system LSI concerning 4th Embodiment. 14 is a flowchart illustrating a processing procedure for confirming that an entry part of an HV code is properly executed in an operation mode management circuit in a system LSI according to a fourth embodiment. It is a block diagram which shows the structure of the system LSI concerning 5th Embodiment. It is the figure which showed the 3rd example in which execution transfers to the software code which performs an unauthorized process in the middle of execution of the entry part comprised by the several instruction | command of a hypervisor on the conventional system LSI. In the system LSI according to the fifth embodiment, it is a flowchart showing a processing procedure for confirming that the entry portion of the HV code is properly executed in the operation mode management circuit. It is a block diagram which shows the structure of the system LSI concerning 6th Embodiment. In the system LSI according to the sixth embodiment, it is a flowchart showing a processing procedure for confirming that the entry part of the HV code is properly executed in the operation mode management circuit. The figure which showed the example which execution moves to the software code which performs illegal processing in the middle of execution of the entry section which consists of plural instructions of the hypervisor on the conventional system LSI which has the processor which fetches plural instructions simultaneously It is. FIG. 3 is a diagram showing an example of HV code arranged so that each instruction in the entry section shown in FIG. 2 can be prevented from being camouflaged when the instruction fetch unit is every two instructions. When a processor has a prefetch function, it is explanatory drawing which showed the time relationship of instruction fetch and execution. It is the figure which showed the example of the HV code which can ensure that it is an interruption prohibition state, even when the fetch request from the processor with a prefetch function is performed. It is the figure which showed the example of the HV code which can be guaranteed that it is an interruption prohibition state, even when the fetch request of 2 instructions from the processor with a prefetch function is performed.

Explanation of symbols

100, 900, 1300, 1700, 1900, 2200 System LSI
101 processor 102, 901, 1301, 1701, 1901, 2012 operation mode management circuit 103 memory access control unit 104, 1302 first HV region protection circuit 105 device access control unit 106 second HV region protection circuit 107 protection memory 112, 911, 1902, 2202 HV code storage area 121, 1311 Fetch detection unit 122, 921, 1312 Fetch determination unit 123 Time measurement unit 124 Instruction detection unit 125, 922 Time determination unit 126 Execution determination unit 127 Mode switching unit 131, 1321 First control unit 132 First 2 control unit 150 memory 151 first guest OS storage area 152 second guest OS storage area 153 third guest OS storage area 154 first memory area 155 second memory area 156 third memory area 60 device

Claims (7)

A processor;
A first storage unit for storing privileged software that allows the processor to access a first access range;
A second storage unit that stores software that causes the processor to access a second access range that is narrower than the first access range;
A communication path for connecting the first storage unit and the processor and performing communication of data necessary for executing the privileged software on the processor;
Of the plurality of instructions executed when the processor starts up the privileged software that is included in the privileged software via the communication path, the processor fetches the first instruction to the storage address. Fetch detection means for detecting;
Detecting means for detecting that a specific instruction of the plurality of instructions is executed by the processor via the communication path;
When the processor is executing the software, the fetch detection unit detects a fetch to the storage address, and the detection unit detects that the specific instruction has been executed. Time determination means for determining whether time has elapsed,
A determination means for determining whether or not interrupting to the processor is prohibited from a result of the processor executing the specific instruction when it is determined that the predetermined time has not elapsed;
Control means for releasing the access in the first access range to the processor when the execution determining means determines that the interrupt to the processor is prohibited;
An information processing apparatus comprising: The processor fetches instructions in a plurality of units,
The fetch detecting means detects a fetch of a head address of an instruction in a plurality of units including the first instruction as the storage address;
The information processing apparatus according to claim 1. The first storage unit arranges a first instruction among the plurality of instructions at a tail end of a plurality of instructions fetched by the processor;
The information processing apparatus according to claim 2. The processor has a prefetch function for fetching instructions in advance before execution,
The storage unit constitutes the plurality of instructions by the number of fetch targets of the processor at a timing at which an instruction for confirming that the processor is in a write-protected state is executed;
The information processing apparatus according to claim 1. A processor;
A first storage unit for storing privileged software that allows the processor to access a first access range;
A second storage unit that stores software that causes the processor to access a second access range that is narrower than the first access range;
A communication path for connecting the first storage unit and the processor and performing communication of data necessary for executing the privileged software on the processor;
Of the plurality of instructions that are executed when the processor starts up the privileged software that is included in the privileged software via the communication path, the first storage address storing the first instruction is stored. First fetch detection means for detecting a fetch;
The processor detects a fetch to a second storage address storing a specific instruction among the plurality of instructions included in the privileged software stored in the first storage unit via the communication path. Two fetch detection means;
When the processor is executing the software, the first fetch detection means detects a fetch to the first storage address, and then the second fetch detection means detects a fetch to the second storage address. Time determination means for determining whether or not a predetermined time has elapsed before
Control means for releasing access of the first access range to the processor when it is determined that the predetermined time has not elapsed;
An information processing apparatus comprising: A processor;
A first storage unit for storing privileged software that allows the processor to access a first access range;
A second storage unit that stores software that causes the processor to access a second access range that is narrower than the first access range;
A communication path for connecting the first storage unit and the processor and performing communication of data necessary for executing the privileged software on the processor;
Fetch detection means for detecting fetches to a plurality of instructions executed when the processor starts up the privileged software, which is an instruction included in the privileged software, via the communication path;
Whether or not the fetch from the detected fetch destination address to the storage address storing each instruction constituting the plurality of instructions is performed in the order of instructions when the processor is executing the software Fetch determination means for determining;
Detecting means for detecting that a specific instruction of the plurality of instructions is executed by the processor when it is determined that the plurality of instructions are fetched in the order of instructions;
Determination means for determining whether or not an interrupt to the processor is prohibited from the detected execution results of the plurality of instructions;
Control means for releasing access in the first access range to the processor when it is determined that interrupts are prohibited;
An information processing apparatus comprising: A processor;
A first storage unit for storing privileged software that allows the processor to access a first access range;
A second storage unit that stores software that causes the processor to access a second access range that is narrower than the first access range;
A communication path for connecting the first storage unit and the processor and performing communication of data necessary for executing the privileged software on the processor;
Fetch detection means for detecting fetches to a plurality of instructions executed when the processor starts up the privileged software, which is an instruction included in the privileged software, via the communication path;
Fetch for determining whether or not fetching is performed from the detected fetch destination address to the storage address storing each of the instructions constituting the plurality of instructions when the processor is executing the software Judgment means,
Control means for releasing access of the first access range to the processor when it is determined that the plurality of instructions are fetched in the order of instructions;
An information processing apparatus comprising:

Images